package com.my.config;

import cn.hutool.core.io.FileUtil;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import java.io.IOException;
import java.nio.charset.Charset;

/**
 * @Author coderMy
 * @Date 2021/3/30
 */

/**
 * 统一做jwt解析,每个模块都依赖common,每个模块就都可以做解析了
 *
 * 将资源服务器的注解,在这里统一添加
 */
@Configuration
//@MapperScan("com.my.mapper") //mapper扫描
//@EnableEurekaClient //eureka客户端
@EnableResourceServer //资源服务器
@EnableGlobalMethodSecurity(prePostEnabled = true) //权限访问
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;
    @Autowired
    private JwtAccessTokenConverter jwtAccessTokenConverter;

    /**
     * 告诉资源服务器,从哪取token
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(tokenStore);
    }

    /**
     * 设置放行
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {

        //前后端分离,不再需要session
        http.sessionManagement().disable();
        //配置跨域请求攻击
        http.csrf().disable();

        //放行的URL
        http.authorizeRequests().antMatchers(
                "/v2/api-docs",
                "/v3/api-docs",
                "/swagger-resources/configuration/ui",  //用来获取支持的动作
                "/swagger-resources",                   //用来获取api-docs的URI
                "/swagger-resources/configuration/security",//安全选项
                "/webjars/**",
                "/swagger-ui/**",
                "/druid/**",
                "/actuator/**"
        ).permitAll();

        http.authorizeRequests().anyRequest().authenticated();
        http.headers().cacheControl();
    }

    /**
     * JWT转换器
     * 设置公钥解析JWT
     * @return
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter(){

        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        //公钥存储地址
        ClassPathResource classPathResource = new ClassPathResource("public_key.txt");
        //从公钥中取内容
        String publicStr = null;
        try {
            publicStr = FileUtil.readString(classPathResource.getFile(), Charset.defaultCharset());
        } catch (IOException e) {
            e.printStackTrace();
        }
        jwtAccessTokenConverter.setVerifierKey(publicStr);
        return jwtAccessTokenConverter;
    }


    /**
     * JWT的方式
     * @return
     */
    @Bean
    public TokenStore tokenStore(){
        return new JwtTokenStore(jwtAccessTokenConverter);
    }

}
